The holiday season is a magical time for many of us.
Beginning with Thanksgiving, millions of people take time off from their jobs and schools to spend time with relatives, eat lots of good food, watch "Miracle on 34th Street" on repeat, and shop Black Friday deals.
Unfortunately, the holidays have become a magical time for hackers, too.
With many of us planning to step away from our day-to-day responsibilities, every CIO and CISO should be asking themselves a critical question during this time of year: “Who's minding the store?”
(If it wasn’t immediately obvious, the store in this metaphor is your IT environment.)
The Most Wonderful Time of Year...for Cyber Attackers
Generally, the holidays mean many offices are empty, computer systems are often unattended, and security operations centers are short-staffed, with fewer eyes on the storefront. That leaves many businesses and organizations vulnerable to cyberattacks.
The holidays have a very different meaning if you are a cybercriminal or hacking group – mainly, this time of year equals opportunity.
Common Cybersecurity Threats During the Holidays
A common way cybercriminals decide whom to attack is by harvesting "out-of-office" automatic email responses. They may start off with a "spray and pray" approach, sending out thousands of emails en masse and then parsing the rich information in the out-of-office messages that come back. These messages may tell them any of the following: exactly who is on PTO, when they will return, their phone number for emergencies, and possibly an emergency contact. That's gold for hackers.
And there are additional cybersecurity and safety issues to keep in mind having to do with – you guessed it – human behavior.
With the onset of the holiday season, many of us have increased our online activities: booking flights, shopping for gifts, etc. Though these activities are not innately malicious, they give additional fodder to cybercriminals looking to social-engineer end users into clicking links and downloading malicious payloads.
A prime example? You (along with the rest of us) are likely expecting packages or messages from relatives, so an attacker could easily create spear phishing emails to emulate a FedEx or UPS package tracking number, or mass-send a holiday "greeting card."
With holiday shopping increasing and plenty of mass promotions running for Black Friday, it’s just much more likely that people will click on email links. As a result, we typically see a large spike in email phishing over the holiday period.
A Look at Recent Holiday Cyberattacks
Here are just a few recent examples of major attacks that occurred during or close to a holiday:
- Just last month, Ferrara, a candy company, was hit with a ransomware attack leading up to their busiest time of year – Halloween.
- Just before Mother’s Day weekend, the Colonial Pipeline Company became the victim of a cyberattack that forced a shutdown of their systems, costing them $4.4 million in ransom payments to a criminal group known as Darkside.
- The Russian-linked cybercriminal gang “REvil” gained notoriety after launching an attack on meat processor JBS during Memorial Day weekend, extorting the company for $11 million in ransom.
- The “REvil” gang struck again a few weeks later, targeting software company Kaseya at the start of the July 4th holiday weekend, leading to the single largest ransomware attack to date.
Cybersecurity Best Practices for Holidays and Weekends
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint ransomware awareness advisory a few months ago specific to looming holiday threats. And while CISA and the FBI don’t currently have specific threat reporting indicating a cyberattack will occur over the upcoming Thanksgiving or Christmas holidays, they did prepare a list of best practices for organizations to follow to help address the risk posed by all cyber threats, including ransomware.
The list of best practices and recommendations is extensive. We reviewed it and pulled out several items your organization should prioritize as you get ready for the holiday season:
- Identify and schedule security employees to be available and "on call" during holidays and weekends
- Continuously educate end users throughout the year, but especially during the holiday season, not to click on suspicious links or fall for social engineering tactics such as spear phishing attempts
- Provide generic out-of-office messages for external recipients, or restrict automatic responses to internal contacts, if possible
- Make and maintain offline, encrypted backups of data and regularly test backups
- Raise awareness among users about the risks involved in visiting malicious websites or opening malicious attachments
- Limit access to resources over internal networks, especially by restricting Remote Desktop Protocol (RDP) and using virtual desktop infrastructure
- Review the security posture of third-party vendors and those interconnected with your organization
- Upgrade software and operating systems that are no longer supported by vendors to currently supported versions
- Regularly patch and update software to the latest available versions
- Use a centralized and automated patch management system
- Conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices
- Ensure strong passwords that are not reused across multiple accounts or stored on a system where an adversary may have access
- Implement multi-factor authentication (MFA) for all services, particularly for remote access, VPNs, and accounts that access critical systems
- Regularly audit administrative user accounts and configure access controls under the principles of least privilege and separation of duties
- Continuously and actively monitor for ransomware threats over holidays and weekends
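The out-of-office recommendation above can be checked before staff leave. The following is an added example, not part of the original article or the CISA/FBI advisory: a small audit that flags externally visible auto-replies containing the details the article lists (who is away, return date, phone number, alternate contact). The patterns, the `audience` labels and the sample messages are assumptions constructed for illustration.

```python
import re

# Details the article says an out-of-office reply can hand to an attacker.
# The patterns are illustrative heuristics, not an exhaustive detector.
CHECKS = {
    "absence_reason": re.compile(r"\b(?:PTO|vacation|holiday|leave|travell?ing)\b", re.I),
    "return_date": re.compile(
        r"\b(?:back|return(?:ing)?|until|through)\b[^.\n]{0,40}?"
        r"(?:\d{1,2}[/-]\d{1,2}(?:[/-]\d{2,4})?"
        r"|(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?\s+\d{1,2}"
        r"|(?:mon|tues|wednes|thurs|fri|satur|sun)day)", re.I),
    "phone_number": re.compile(
        r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
    "alternate_contact": re.compile(
        r"\b(?i:contact|reach(?: out to)?|email|call)\s+"
        r"(?:[A-Z][a-z]+\s+[A-Z][a-z]+|\S+@\S+)"),
}

def audit_reply(text):
    """Return the sorted names of the checks that the reply text trips."""
    return sorted(name for name, rx in CHECKS.items() if rx.search(text))

def audit_external(replies):
    """Map owner -> findings for replies that leave the organization."""
    report = {}
    for owner, audience, text in replies:
        findings = audit_reply(text) if audience == "external" else []
        if findings:
            report[owner] = findings
    return report

# Constructed sample auto-replies (names, numbers and addresses are made up).
LEAKY = ("I am on PTO until Nov 29. For emergencies call my cell at "
         "(303) 555-0142 or contact Dana Smith (dana.smith@example.com).")
GENERIC = ("Thank you for your message. I am currently unavailable and "
           "will respond as soon as I can.")
SAMPLE = [
    ("alice", "external", LEAKY),    # detailed reply sent to anyone
    ("bob", "external", GENERIC),    # generic reply for outsiders
    ("carol", "internal", LEAKY),    # detail kept to internal contacts
]

if __name__ == "__main__":
    for owner, findings in audit_external(SAMPLE).items():
        print(f"{owner}: external auto-reply exposes {', '.join(findings)}")
```

Only the first sample is reported: the generic external reply trips no check, and the detailed reply restricted to internal contacts is out of scope for an external sender.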
Additional Cybersecurity Resources for the Holidays
Automox has extensive resources you can review to help prepare for a safer holiday season:
- Ransomware Mitigation With Endpoint Security & Hardening
- Supply Chain Ransomware Attacks on the Rise: How to Prepare Now
- The Anatomy of a Ransomware Attack
- Remote Workforce Cybersecurity Guide
- eBook: Avert Cyber Attacks With Proactive Endpoint Hardening
By following the cybersecurity best practices from the FBI and CISA and digging into some of the additional resources provided here, you can reduce your risk of exposure and feel just a little bit better about taking that well-deserved time off.